October212013

Google’s Iron Grip on Android (Ars Technica) — While Google will never go the entire way and completely close Android, the company seems to be doing everything it can to give itself leverage over the existing open source project. And the company’s main method here is to bring more and more apps under the closed source “Google” umbrella.

How to Live Without Being Tracked (Fast Company) — this seems appropriate: she assumes that every phone call she makes and every email she sends will be searchable by the general public at some point in the future. Full of surprises, like To identify tires, which can come in handy if they’re recalled, tire manufacturers insert an RFID tag with a unique code that can be read from about 20 feet away by an RFID reader..

method.ac — Complete 50 challenges. Each challenge is a small, design related task. They cover theory and practice of one specific design subject. Challenges are progressively more difficult, and completing them gives you access to more intricate challenges.

IBM Watson’s Cancer Moonshot (Venture Beat) — IBM is ready to make a big a bet on Watson, as it did in the 1970s when it invested in the emergence of the mainframe. Watson heralds the emergence of “thinking machines,” which learn by doing and already trump today’s knowledge retrieval machines. I for one welcome the opportunity to be a false negative.

May152013

Facial Recognition in Google Glass (Mashable) — this makes Glass umpty more attractive to me. It was created in a hackathon for doctors to use with patients, but I need it wired into my eyeballs.

How to Price Your Hardware Project — At the end of the day you are picking a price that enables you to stay in business. As @meganauman says, “Profit is not something to add at the end, it is something to plan for in the beginning.”

Hardware Pricing (Matt Webb) — When products connect to the cloud, the cost structure changes once again. On the one hand, there are ongoing network costs which have to be paid by someone. You can do that with a cut of transactions on the platform, by absorbing the network cost upfront in the RRP, or with user-pays subscription.

September182012

Health care appears immune to disruption. It’s a space where the stakes are high, the incumbents are entrenched, and lessons from other industries don’t always apply.

Yet, in a recent conversation between Tim O’Reilly and Roger Magoulas it became evident that we’re approaching an unparalleled opportunity for health care change. O’Reilly and Magoulas explained how the convergence of data access, changing perspectives on privacy, and the enormous expense of care are pushing the health space toward disruption.

As always, the primary catalyst is money. The United States is facing what Magoulas called an “existential crisis in health care costs” [discussed at the 3:43 mark]. Everyone can see that the current model is unsustainable. It simply doesn’t scale. And that means we’ve arrived at a place where party lines are irrelevant and tough solutions are the only options.

“Who is it that said change happens when the pain of not changing is greater than the pain of changing?” O’Reilly asked. “We’re now reaching that point.” [3:55]

(Note: The source of that quote is hard to pin down, but the sentiment certainly applies.)

This willingness to change is shifting perspectives on health data. Some patients are making their personal data available so they and others can benefit. Magoulas noted that even health companies, which have long guarded their data, are warming to collaboration.

At the same time there’s a growing understanding that health data must be contextualized. Simply having genomic information and patient histories isn’t good enough. True insight — the kind that can improve quality of life — is only possible when datasets are combined.

“Genes aren’t destiny,” Magoulas said. “It’s how they interact with other things. I think people are starting to see that. It’s the same with the EHR [Electronic Health Record]. The EHR doesn’t solve anything. It’s part of a puzzle.” [4:13]

And here’s where the opportunity lies. Extracting meaning from datasets is a process data scientists and Silicon Valley entrepreneurs have already refined. That means the same skills that improve mindless ad-click rates can now be applied to something profound.

“There’s this huge opportunity for those people with those talents, with that experience, to come and start working on stuff that really matters,” O’Reilly said. “They can save lives and they can save money in one of the biggest and most critical industries of the future.” [5:20]

The language O’Reilly and Magoulas used throughout their conversation was telling. “Save lives,” “work on stuff that matters,” “huge opportunity” — these aren’t frivolous phrases. The health care disruption they discussed will touch everyone, which is why it’s imperative the best minds come together to shape these changes.

The full conversation between O’Reilly and Magoulas is available in the following video.

The “quasi-market system” of health care makes it harder to disrupt than other industries. [3:15]

The U.S. is facing an existential crisis around health care costs. “This is bigger than one company.” [3:43]

We can benefit from the multiple data types coming “on stream” at the same time. These include electronic medical records, inexpensive gene sequencing, and personal sensor data. [4:28]

The availability of different datasets presents an opportunity for Silicon Valley because data scientists and technologists already have the skills to manage the data. Important results can be found when this data is correlated: “The great thing is we know it can work.” [5:20]

September132012

This week has been teaming with health care conferences, particularly in Boston, and was declared by President Obama to be National Health IT Week as well. I chose to spend my time at the second ITdotHealth conference, where I enjoyed many intense conversations with some of the leaders in the health care field, along with news about the SMART Platform at the center of the conference, the excitement of a Clayton Christiansen talk, and the general panache of hanging out at the Harvard Medical School.

SMART, funded by the Office of the National Coordinator in Health and Human Services, is an attempt to slice through the Babel of EHR formats that prevent useful applications from being developed for patient data. Imagine if something like the wealth of mash-ups built on Google Maps (crime sites, disaster markers, restaurant locations) existed for your own health data. This is what SMART hopes to do. They can already showcase some working apps, such as overviews of patient data for doctors, and a real-life implementation of the heart disease user interface proposed by David McCandless in WIRED magazine.

The premise and promise of SMART

At this conference, the presentation that gave me the most far-reaching sense of what SMART can do was by Nich Wattanasin, project manager for i2b2 at Partners. His implementation showed SMART not just as an enabler of individual apps, but as an environment where a user could choose the proper app for his immediate needs. For instance, a doctor could use an app to search for patients in the database matching certain characteristics, then select a particular patient and choose an app that exposes certain clinical information on that patient. In this way, SMART an combine the power of many different apps that had been developed in an uncoordinated fashion, and make a comprehensive data analysis platform from them.

Another illustration of the value of SMART came from lead architect Josh Mandel. He pointed out that knowing a child’s blood pressure means little until one runs it through a formula based on the child’s height and age. Current EHRs can show you the blood pressure reading, but none does the calculation that shows you whether it’s normal or dangerous. A SMART app has been developer to do that. (Another speaker claimed that current EHRs in general neglect the special requirements of child patients.)

SMART is a close companion to the Indivo patient health record. Both of these, aong with the i2b2 data exchange system, were covered in article from an earlier conference at the medical school. Let’s see where platforms for health apps are headed.

In September 2009, the HITECH act (part of the American Recovery and Reinvestment Act) had defined the concept of “meaningful use,” but nobody really knew what was expected of health care providers, because the ONC and the Centers for Medicare & Medicaid Services did not release their final Stage 1 rules until more than a year after this conference. Aneesh Chopra, then the Federal CTO, and Todd Park, then the CTO of Health and Human Services, spoke at the conference, but their discussion of health care reform was a “vision.” A surprisingly strong statement for patient access to health records was made, but speakers expected it to be accomplished through the CONNECT Gateway, because there was no Direct. (The first message I could find on the Direct Project forum dated back to November 25, 2009.) Participants had a sophisticated view of EHRs as platforms for applications, but SMART was just a “conceptual framework.”

So in some ways, ONC, Harvard, and many other contributors to modern health care have accomplished an admirable amount over three short years. But some ways we are frustratingly stuck. For instance, few EHR vendors offer API access to patient records, and existing APIs are proprietary. The only SMART implementation for a commercial EHR mentioned at this week’s conference was one created on top of the Cerner API by outsiders (although Cerner was cooperative). Jim Hansen of Dossia told me that there is little point to encourage programmers to create SMART apps while the records are still behind firewalls.

Keynotes

I couldn’t call a report on ITdotHealth complete without an account of the two keynotes by Christiansen and Eric Horvitz, although these took off in different directions from the rest of the conference and served as hints of future developments.

Christiansen is still adding new twists to the theories laid out in c The Innovator’s Dilemma and other books. He has been a backer of the SMART project from the start and spoke at the first ITdotHealth conference. Consistent with his famous theory of disruption, he dismisses hopes that we can reduce costs by reforming the current system of hospitals and clinics. Instead, he projects the way forward through technologies that will enable less trained experts to successively take over tasks that used to be performed in more high-cost settings. Thus, nurse practitioners will be able to do more and more of what doctors do, primary care physicians will do more of what we current delegate to specialists, and ultimately the patients and their families will treat themselves.

He also has a theory about the progression toward openness. Radically new technologies start out tightly integrated, and because they benefit from this integration they tend to be created by proprietary companies with high profit margins. As the industry comes to understand the products better, they move toward modular, open standards and become commoditized. Although one might conclude that EHRs, which have been around for some forty years, are overripe for open solutions, I’m not sure we’re ready for that yet. That’s because the problems the health care field needs to solve are quite different from the ones current EHRs solve. SMART is an open solution all around, but it could serve a marketplace of proprietary solutions and reward some of the venture capitalists pushing health care apps.

While Christiansen laid out the broad environment for change in health care, Horvitz gave us a glimpse of what he hopes the practice of medicine will be in a few years. A distinguished scientist at Microsoft, Horvitz has been using machine learning to extract patterns in sets of patient data. For instance, in a collection of data about equipment uses, ICD codes, vital signs, etc. from 300,000 emergency room visits, they found some variables that predicted a readmission within 14 days. Out of 10,000 variables, they found 500 that were relevant, but because the relational database was strained by retrieving so much data, they reduced the set to 23 variables to roll out as a product.

Another project predicted the likelihood of medical errors from patient states and management actions. This was meant to address a study claiming that most medical errors go unreported.

A study that would make the privacy-conscious squirm was based on the willingness of individuals to provide location data to researchers. The researchers tracked searches on Bing along with visits to hospitals and found out how long it took between searching for information on a health condition and actually going to do something about it. (Horvitz assured us that personally identifiable information was stripped out.)

His goal is go beyond measuring known variables, and to find new ones that could be hidden causes. But he warned that, as is often the case, causality is hard to prove.

As prediction turns up patterns, the data could become a “fabric” on which many different apps are based. Although Horvitz didn’t talk about combining data sets from different researchers, it’s clearly suggested by this progression. But proper de-identification and flexible patient consent become necessities for data combination. Horvitz also hopes to move from predictions to decisions, which he says is needed to truly move to evidence-based health care.

Did the conference promote more application development?

My impression (I have to admit I didn’t check with Dr. Ken Mandl, the organizer of the conference) was that this ITdotHealth aimed to persuade more people to write SMART apps, provide platforms that expose data through SMART, and contribute to the SMART project in general. I saw a few potential app developers at the conference, and a good number of people with their hands on data who were considering the use of SMART. I think they came away favorably impressed–maybe by the presentations, maybe by conversations that the meeting allowed them to have with SMART developers–so we may see SMART in wider use soon. Participants came far for the conference; I talked to one from Geneva, for instance.

The presentations were honest enough, though, to show that SMART development is not for the faint-hearted. On the supply side–that is, for people who have patient data and want to expose it–you have to create a “container” that presents data in the format expected by SMART. Furthermore, you must make sure the data conforms to industry standards, such as SNOMED for diagnoses. This could be a lot of conversion.

On the application side, you may have to deal with SMART’s penchant for Semantic Web technologies such as OWL and SPARQL. This will scare away a number of developers. However, speakers who presented SMART apps at the conference said development was fairly easy. No one matched the developer who said their app was ported in two days (most of which were spent reading the documentation) but development times could usually be measured in months.

Mandl spent some time airing the idea of a consortium to direct SMART. It could offer conformance tests (but probably not certification, which is a heavy-weight endeavor) and interact with the ONC and standards bodies.

After attending two conferences on SMART, I’ve got the impression that one of its most powerful concepts is that of an “app store for health care applications.” But correspondingly, one of the main sticking points is the difficulty of developing such an app store. No one seems to be taking it on. Perhaps SMART adoption is still at too early a stage.

Once again, we are batting our heads up against the walls erected by EHRs to keep data from being extracted for useful analysis. And behind this stands the resistance of providers, the users of EHRs, to give their data to their patients or to researchers. This theme dominated a federal government conference on patient access.

I think SMART will be more widely adopted over time because it is the only useful standard for exposing patient data to applications, and innovation in health care demands these apps. Accountable Care Organizations, smarter clinical trials (I met two representatives of pharmaceutical companies at the conference), and other advances in health care require data crunching, so those apps need to be written. And that’s why people came from as far as Geneva to check out SMART–there’s nowhere else to find what they need. The technical requirements to understand SMART seem to be within the developers’ grasps.

But a formidable phalanx of resistance remains, from those who don’t see the value of data to those who want to stick to limited exchange formats such as CCDs. And as Sean Nolan of Microsoft pointed out, one doesn’t get very far unless the app can fit into a doctor’s existing workflow. Privacy issues were also raised at the conference, because patient fears could stymie attempts at sharing. Given all these impediments, the government is doing what it can; perhaps the marketplace will step in to reward those who choose a flexible software platform for innovation.

September052012

Health care costs rise as doctors try batches of treatments that don’t work in search of one that does. Meanwhile, drug companies spend billions on developing each drug and increasingly end up with nothing to show for their pains. This is the alarming state of medical science today. Shahid Shah, device developer and system integrator, sees a different paradigm emerging. In this interview at the Open Source convention, Shah talks about how technologies and new ways of working can open up medical research.

August292012

The stress of falling seriously ill often drags along the frustration of having no idea what the treatment will cost. We’ve all experienced the maddening stream of seemingly endless hospital bills, and testimony by E-patient Dave DeBronkart and others show just how absurd U.S. payment systems are.

So I was happy to seize the opportunity to ask questions of three researchers from Castlight Health about the service they’ll discuss at the upcoming Strata Rx conference about data in health care.

Castlight casts its work in the framework of a service to employers and consumers. But make no mistake about it: they are a data-rich research operation, and their consumers become empowered patients (e-patients) who can make better choices.

As Arjun Kulothungun, John Zedlewski, and Eugenia Bisignani wrote to me, “Patients become empowered when actionable information is made available to them. In health care, like any other industry, people want high quality services at competitive prices. But in health care, quality and cost are often impossible for an average consumer to determine. We are proud to do the heavy lifting to bring this information to our users.”

Following are more questions and answers from the speakers:

1. Tell me a bit about what you do at Castlight and at whom you aim your services.

We work together in the Research team at Castlight Health. We provide price and quality information to our users for most common health care services, including those provided by doctors, hospitals, labs, and imaging facilities. This information is provided to patients through a user-friendly web interface and mobile app that shows their different healthcare options customized to their health care plan. Our research team has built a sophisticated pricing system that factors in a wide variety of data sources to produce accurate prices for our users.

At a higher level, this fits into our company’s drive toward healthcare transparency, to help users better understand and navigate their healthcare options. Currently, we sell this product to employers to be offered as a benefit to their employees and their dependents. Our product is attractive to self-insured employers who operate a high-deductible health plan. High-deductible health plans motivate employees to explore their options, since doing so helps them save on their healthcare costs and find higher quality care. Our product helps patients easily explore those options.

2. What kinds of data do you use? What are the challenges involved in working with this data and making it available to patients?

We bring in data from a variety of sources to model the financial side of the healthcare industry, so that we can accurately represent the true cost of care to our users. One of the challenges we face is that the data is often messy. This is due to the complex ways that health care claims are adjudicated, and the largely manual methods of data entry. Additionally, provider data is not highly standardized, so it is often difficult to match data from different sources. Finally, in a lot of cases the data is sparse: some health care procedures are frequent, but others are only seldom performed, so it is more challenging to determine their prices.

The variability of care received also presents a challenge, because the exact care a patient receives during a visit cannot always be predicted ahead of time. A single visit to a doctor can yield a wide array of claim line items, and the patient is subsequently responsible for the sum of these services. Thus, our intent is to convey the full cost of the care patients are to receive. We believe patients are interested in understanding their options in a straightforward way, and that they don’t think in terms of claim line items and provider billing codes. So we spend a lot of time determining the best way to reflect the total cost of care to our users.

3. How much could a patient save if they used Castlight effectively? What would this mean for larger groups?

For a given procedure or service, the difference in prices in a local area can vary by 100% or more. For instance, right here in San Francisco, we can see that the cost for a particular MRI varies from $450 to nearly $3000, depending on the facility that a patient chooses, while an office visit with a primary care doctor can range from $60 to $180. But a patient may not always wish to choose the lowest cost option. A number of different factors affect how much a patient could save: the availability of options in their vicinity, the quality of the services, the patient’s ability to change the current doctor/hospital for a service, personal preferences, and the insurance benefits provided. Among our customers, the empowerment of patients adds up to employer savings of around 13% in comparison to expected trends.

In addition to cost savings, Castlight also helps drive better quality care. We have shown a 38% reduction in gaps in care for chronic conditions such as diabetes and high blood pressure. This will help drive further savings as individuals adhere to clinically proven treatment schedules.

4. What other interesting data sets are out there for healthcare consumers to use? What sorts of data do you wish were available?

Unfortunately, data on prices of health care procedures is still not widely available from government sources and insurers. Data sources that are available publicly are typically too complex and arcane to be actionable for average health care consumers.

However, CMS has recently made a big push to provide data on hospital quality. Their “hospital compare” website is a great resource to access this data. We have integrated the Medicare statistics into the Castlight product, and we’re proud of the role that Castlight co-founder and current CTO of the United States Todd Park played in making it available to the public. Despite this progress on sharing hospital data, the federal government has not made the same degree of progress in sharing information for individual physicians, so we would love to see more publicly collected data in this area.

5. Are there crowdsourcing opportunities? If patients submitted data, could it be checked for quality, and how could it further improve care and costs?

We believe that engaging consumers by asking them to provide data is a great idea! The most obvious place for users to provide data is by writing reviews of their experiences with different providers, as well as rating those providers on various facets of care. Castlight and other organizations aggregate and report on these reviews as one measure of provider quality.

It is harder to use crowdsourced information to compute costs. There are significant challenges in matching crowdsourced data to providers and especially to services performed, because line items are not identified to consumers by their billing codes. Additionally, rates tend to depend on the consumer’s insurance plan. Nonetheless, we are exploring ways to use crowdsourced pricing data for Castlight.

August092012

The quantum leap we need in patient care requires a complete overhaul of record-keeping and health IT. Leaders of the health care field know this and have been urging the changes on health care providers for years, but the providers are having trouble accepting the changes for several reasons.

What’s holding them back? Change certainly costs money, but the industry is already groaning its way through enormous paradigm shifts to meet current financial and regulatory climate, so the money might as well be directed to things that work. Training staff to handle patients differently is also difficult, but the staff on the floor of these institutions are experiencing burn-out and can be inspired by a new direction. The fundamental resistance seems to be expectations by health providers and their vendors about the control they need to conduct their business profitably.

A few months ago I wrote an article titled Five Tough Lessons I Had to Learn About Health Care. Here I’ll delineate some elements of a new health care system that are promoted by thought leaders, that echo the evolution of other industries, that will seem utterly natural in a couple decades–but that providers are loathe to consider. I feel that leaders in the field are not confronting that resistance with an equivalent sense of conviction that these changes are crucial.

Records are not static. They must be combined, parsed, and analyzed to be useful. In the health care field, records must travel with the patient. Furthermore, we need an explosion of data analysis applications in order to drive diagnosis, public health planning, and research into new treatments.

Data-wise (or data-ignorant), doctors are stuck in the 1980s, buying proprietary record systems that don’t work together even between different departments in a hospital, or between outpatient clinics and their affiliated hospitals. Now the vendors are responding to pressures from both government and the market by promising interoperability. The federal government has taken this promise as good coin, hoping that vendors will provide windows onto their data. It never really happens. Every baby step toward opening up one field or another requires additional payments to vendors or consultants.

That’s why exchanging patient data (health information exchange) requires a multi-million dollar investment, year after year, and why most HIEs go under. And that’s why the HL7 committee, putatively responsible for defining standards for electronic health records, keeps on putting out new, complicated variations on a long history of formats that were not well enough defined to ensure compatibility among vendors.

Leaders in the field know what health care providers could accomplish with data. A recent article even advises policy-makers to focus on the data instead of the electronic records. The question is whether providers are technically and organizationally prepped to accept it in such quantities and variety. When doctors and hospitals think they own the patients’ records, they resist putting in anything but their own notes and observations, along with lab results they order. We’ve got to change the concept of ownership, which strikes deep into their culture.

3. Reform will not succeed unless patients are in charge of their records

Doctors are currently acting in isolation, occasionally consulting with the other providers seen by their patients but rarely sharing detailed information. It falls on the patient, or a family advocate, to remember that one drug or treatment interferes with another or to remind treatment centers of follow-up plans. And any data collected by the patient remains confined to scribbled notes or (in the modern Quantified Self equivalent) a web site that’s disconnected from the official records.

Doctors don’t trust patients. They have some good reasons for this: medical records are complicated documents in which a slight rewording or typographical error can change the meaning enough to risk a life. But walling off patients from records doesn’t insulate them against errors: on the contrary, patients catch errors entered by staff all the time. So ultimately it’s better to bring the patient onto the team and educate her. If a problem with records altered by patients–deliberately or through accidental misuse–turns up down the line, digital certificates can be deployed to sign doctor records and output from devices.

The movement for patient empowerment will take off, as experts in health reform told US government representatives, when patients are in charge of their records. To treat people, doctors will have to ask for the records, and the patients can offer the full range of treatment histories, vital signs, and observations of daily living they’ve collected. Applications will arise that can search the data for patterns and relevant facts.

Once again, the US government is trying to stimulate patient empowerment by requiring doctors to open their records to patients. But most institutions meet the formal requirements by providing portals that patients can log into, the way we can view flight reservations on airlines. We need the patients to become the pilots. We also need to give them the information they need to navigate.

Now that the government is forcing doctors to release informtion about outcomes, patients can start to choose doctors and hospitals that offer the best chances of success. The providers will have to apply more rigor to their activities, using checklists and more, to bring up the scores of the less successful providers. Medicine is both a science and an art, but many lag on the science–that is, doing what has been statistically proven to produce the best likely outcome–even at prestigious institutions.

Patient choice is restricted by arbitrary insurance rules, unfortunately. These also contribute to the utterly crazy difficulty determining what a medical procedure will cost as reported by e-Patient Dave and WBUR radio. Straightening out this problem goes way beyond the doctors and hospitals, and settling on a fair, predictable cost structure will benefit them almost as much as patients and taxpayers. Even some insurers have started to see that the system is reaching a dead-end and are erecting new payment mechanisms.

5. Reform will not succeed unless providers and patients can form partnerships

I’m always talking about technologies and data in my articles, but none of that constitutes health. Just as student testing is a poor model for education, data collection is a poor model for medical care. What patients want is time to talk intensively with their providers about their needs, and providers voice the same desires.

Data and good record keeping can help us use our resources more efficiently and deal with the physician shortage, partly by spreading out jobs among other clinical staff. Computer systems can’t deal with complex and overlapping syndromes, or persuade patients to adopt practices that are good for them. Relationships will always have to be in the forefront. Health IT expert Fred Trotter says, “Time is the gas that makes the relationship go, but the technology should be focused on fuel efficiency.”

Arien Malec, former contractor for the Office of the National Coordinator, used to give a speech about the evolution of medical care. Before the revolution in antibiotics, doctors had few tools to actually cure patients, but they live with the patients in the same community and know their needs through and through. As we’ve improved the science of medicine, we’ve lost that personal connection. Malec argued that better records could help doctors really know their patients again. But conversations are necessary too.

August082012

The concept of an Accountable Care Organization (ACO) reflects modern hopes to improve medicine and cut costs in the health system. Tony MCormick, a pioneer in the integration of health care systems, describes what is needed on the ground to get doctors working together.

Highlights from the full video interview include:

What an Accountable Care Organization is. [Discussed at the 00:19 mark]

July252012

There has been enormous talk over the past few years of open data and what it can do for society, but proponents have largely come to admit: data is not democratizing in itself. This topic is hotly debated, and a nice summary of the viewpoints is available in this PDF containing articles by noted experts. At the Open Source convention last week, I thought a lot about the democratizing potential of data and how it could be realized.

Who benefits from data sets

At a high level, large businesses and other well-funded organizations have three natural advantages over the general public in the exploitation of data sets:

The resources to gather the data

The resources to do the necessary programming to crunch and interpret the data

The resources to act on the results

These advantages will probably always exist, but data can be useful to the public too. We have some tricks that can compensate for each of the large institutions’ advantages:

Crowdsourcing can create data sets that can help everybody, including the formation of new businesses. OpenStreetMap, an SaaS project based on open source software, is a superb example. Its maps have been built up through years of contributions by people trying to support their communities, and it supports interesting features missing from proprietary map projects, such as tools for laying out bike paths.

Data-crunching is where developers, like those at the Open Source convention, come in. Working at non-profits, during week-end challenges, or just on impulse, they can code up the algorithms that make sense of data sets and apps to visualize and accept interaction from people with less technical training.

Some apps, such as reports of neighborhood crime or available health facilities, can benefit individuals, but we can really drive progress by joining together in community organizations or other associations that use the data. I saw a fantastic presentation by high school students in the Boston area who demonstrated a correlation between funding for summer jobs programs and lowered homicides in the inner city–and they won more funding from the Massachusetts legislature with that presentation.

Health care track

This year was the third in which the Open Source convention offered a health care track. IT plays a growing role in health care, but a lot of the established institutions are creaking forward slowly, encountering lots of organizational and cultural barriers to making good use of computers. This year our presentations clustered around areas where innovation is most robust: personal tracking, using data behind the scenes to improve care, and international development.

In a high-energy presentation, systems developer Shahid Shah described the cornucopia of high-quality, structured data that will be made available when devices are hooked together. “Gigabytes of data is being lost every minute from every patient hooked up to hospital monitors,” he said. DDS, HTTP, and XMPP are among the standards that will make an interconnected device mesh possible. Michael Italia described the promise of genome sequencing and the challenges it raises, including storage requirements and the social impacts of storing sensitive data about people’s propensity for disease. Mohamed ElMallah showed how it was sometimes possible to work around proprietary barriers in electronic health records and use them for research.

Representatives from OpenMRS and IntraHealth international spoke about the difficulties and successes of introducing IT into very poor areas of the world, where systems need to be powered by their own electricity generators. A maintainable project can’t be dropped in by external NGO staff, but must cultivate local experts and take a whole-systems approach. Programmers in Rwanda, for instance, have developed enough expertise by now in OpenMRS to help clinics in neighboring countries install it. Leaders of OSEHRA, which is responsible for improving the Department of Veteran Affairs’ VistA and developing a community around it, spoke to a very engaged audience about their work untangling and regularizing twenty years’ worth of code.

In general, I was pleased with the modest growth of the health care track this year–most session drew about thirty people, and several drew a lot more–and both the energy and the expertise of the people who came. Many attendees play an important role in furthering health IT.

Other thoughts

The Open Source convention reflected much of the buzz surrounding developments in computing. Full-day sessions on OpenStack and Gluster were totally filled. A focus on developing web pages came through in the popularity of talks about HTML5 and jQuery (now a platform all its own, with extensions sprouting in all directions). Perl still has a strong community. A few years ago, Ruby on Rails was the must-learn platform, and knock-off derivatives appeared in almost every other programming language imaginable. Now the Rails paradigm has been eclipsed (at least in the pursuit of learning) by Node.js, which was recently ported to Microsoft platforms, and its imitators.

No two OSCons are the same, but the conference continues to track what matters to developers and IT staff and to attract crowds every year. I enjoyed nearly all the speakers, who often pump excitement into the dryest of technical topics through their own sense of continuing wonder. This is an industry where imagination’s wildest thoughts become everyday products.

John Halamka, CIO of Caregroup/Beth Israel Deaconess Medical Center, took the stage first and blasted through all the progress being made establishing the necessary frameworks for HIE to occur in Massachusetts. The takeaway message from John's talk was that there have been many changes since September 2011 in the financial, technical, and legal structures involved in building health information exchange. The lessons learned from the initial pilot should enable Massachusetts to be ready for the first stage of statewide HIE.

HIE development in Massachusetts

Health care providers historically thought of HIE as a large institution run by a state or a major EHR vendor. It carried out the exchange of patient records in the crudest and most heavyweight way, by setting up one-to-one relationships with local hospitals and storing the records. (Some of the more sophisticated HIEs could link together hospitals instead, rather like Napster linked together end-users for file exchange.) These institutions still dominate, but HIE is now being used in a much broader sense, referring to the ability of institutions to share data with each other and even with patients over a variety of channels.

Despite the push for the health IT industry to use "HIE" as a verb rather than a noun, there was quite a lot of discussion at the event surrounding the structures and applications involved. Although HIE should be conceptually identified as a process (verb), having the structures and organizations (nouns) necessary to facilitate exchange is a challenge facing health care entities across the country. This conference did a good job of articulating these organizational challenges, and it presented clear plans on how Massachusetts is addressing them.

In Massachusetts, the model moving forward for phase one of HIE will be based on the Direct Project, with one central Health Information Service Provider (HISP) that will focus on PKI and S/MIME certificate management, maintaining a provider/entity directory, creating a web portal for those not ready for Direct, and maintaining an audit log of transactions. The concept of HISP was created in the Direct Project Implementation and Best Practices workgroups, and was designed to be an organizational and functional framework for the management of directed exchange between health care providers. The statewide HISP will consist of several existing HISP organizations, including Berkshire Health, Partners, Athena Health, and the New England Health Exchange Network. No small task, but not insurmountable.

I remain skeptical about the ability of providers and even hospitals to install EHRs capable of sending Direct-compliant messages conforming to the XDR/XDM IHE Profile for Direct Messaging. Not that it doesn't work or because it's some Herculean task, but essentially because it hasn't been mandated. That may change, though, with the inclusion of Direct Messaging in the transport standards for Meaningful Use Stage 2. In Massachusetts, the creation of a health information highway (phase 1) is set to go live on October 15, 2012. Phase 2 will include analytics and population health, and Phase 3 is set to have search and retrieve, which will include a governance model for an Electronic Master Patient Index (EMPI) and Record Locator Service (RLS). Phase 2 and 3 will set a framework for querying patient data across entities, which is one of the biggest technical barriers to HIE. Currently, one of the best methods for this process is the Patient Identifier Cross-Referencing (PIX) profile, but few organizations are using this tool to its full potential.

What are the challenges?

When experts talk about exchanging health information, they tend to focus on the technology. Micky Tripathi, CEO and executive director of the Massachusetts eHealth Collaborative, pointed out at the event that the problem isn't the aggregation or analysis of data, but the recording of data during the documentation process. In my experience, this is quite accurate: Having exchange standards and the ability to analyze big data is useless if you don't capture the data in the first place, or capture it in a non-standard way. This was highlighted when the Massachusetts eHealth Collaborative ran the same reports on 44 quality measures, first using popHealth data, then again with Massachusetts eHealth Collaborative data, and received conflicting results for each measure. There are certainly lessons to be learned from this pilot about the importance of specifying numerators, denominators, vocabularies, and transmission templates.

Determining what to capture can be as important as how the data is captured. Natasha Khouri elaborated on the challenges of accurate data capture during her presentation on "Implementing Race and Ethnicity Data Collection in Massachusetts Hospitals — Not as Easy as It Sounds." In 2006, Massachusetts added three new fields and 33 categories to more accurately record race and ethnicity information. The purpose of this is to address health disparities, which is something I'm very excited to see discussed at a health IT conference.

With accurate data in hand, direct interventions in communities can be more targeted and effective. However, the largest barrier to this seems to have been getting providers to ask questions about race and ethnicity. This was due to high training costs, staff resistance, and workflow changes necessary for collecting the demographic data. This problem was particularly interesting to me, having worked with the Fenway Health Institute to craft their Meaningful Use Stage 2 comments regarding the inclusion of gender identity and sexual orientation in the demographics criteria. Recording accurate data on vulnerable populations is vital to improving public health campaigns.

What about patients?

For a conference with no patient speakers, there was a surprising amount of discussion about how patients will be involved in HIE and the impact EHRs have on patients. Dr. Lawrence Garber,who serves as the medical informatics director for Reliant Medical Group, examined issues of patient consent. The research he discussed showed that when given the choice, about 5% of patients will opt out of HIE, while 95% will opt in. When patients opt in at the entity/organizational level, this enables automated exchange between providers, entities, care teams, and patients. Organizations utilize a Data Use and Reciprocal Support Agreement (DURSA) to establish a trust framework for authenticating entities that exchange data (presumably for the benefit of patients). DURSAs will likely play an important role as organizations move toward Accountable Care Organization models of care.

Information exchange should also lead to more patient satisfaction with their medical visits, where they will be able to spend more time talking to their doctors about current concerns instead of wasting time reviewing medical history from records that may be incomplete or inaccessible.

Dana Safran, VP of performance measurement and improvement at Blue Cross Blue Shield, explained at the conference that patients can expect better quality of care because quality improvement efforts start with being able to measure processes and outcomes. With HIE, it will be possible to get actual clinical data with which to enhance patient-reported outcome measures (PROMs) and really make them more reliable. Another topic that can be better measured with HIE is provider practice pattern variation. For example, identifying which providers are "outliers" in the number of tests they order, and showing them where they stand compared to their peers, can motivate them to more carefully consider whether each test is needed. Fewer unnecessary tests means cost savings for the whole system, including patients.

The sample size was small, interviewing only 50 patients, but the results certainly warrant a larger, more in-depth study.

In Massachusetts, it seems like the state of the HIE is strong. The next year should be quite exciting. By this time in 2013, we should have a statewide HISP and a web portal service that enables exchange between providers. Halamka has promised that on October 15 the walls between Massachusetts health care orgs will begin to come down. If it is successful in Massachusetts, it could be a valuable model for other states. We also have the opportunity to involve patients in the process, and I hope organizations such as The Society for Participatory Medicine and Direct Trust will be involved in making patients active partners in the exchange of health data.

OSCON 2012 Healthcare Track — The conjunction of open source and open data with health technology promises to improve creaking infrastructure and give greater control and engagement to patients. Learn more at OSCON 2012, being held July 16-20 in Portland, Oregon.

While thousands of health care professionals were flocking to the BIO International Convention this week, I spent Monday in a small library at the Harvard Medical School listening to a discussion of the Indivo patient health record and related open source projects with about 80 intensely committed followers. Lead Indivo architect Daniel Haas, whom I interviewed a year ago, succeeded in getting the historical 2.0 release of Indivo out on the day of the conference. This article explains the significance of the release in the health care field and the promise of the work being done at Harvard Medical School and its collaborators.

Although still at the early adoption stages, Indivo and the related SMART and i2b2 projects merit attention and have received impressive backing. The Office of the National Coordinator funded SMART, and NIH funded i2b2. National Coordinator Farzad Mostashari was scheduled to attend Monday's conference (although he ended up having to speak over a video hookup). Indivo inspired both Microsoft HealthVault and Google Health, and a good deal of its code underlies HealthVault. Australia has taken a nationwide PHR initiative inspired by Indivo. A Partners HealthCare representative spoke at the conference, as did someone from the MIT Media Lab. Clayton M. Christensen et al. cited Indivo as a good model in The Innovator's Prescription: A Disruptive Solution for Health Care. Let's take a look at what makes the combination so powerful.

Platform and reference implementation

The philosophy underlying this distributed open source initiative is to get clinicians, health researchers, and patients to share data and work together. Today, patient data is locked up in thousands of individual doctors or hospital repositories; whether they're paper or electronic hardly makes a difference because they can't be combined or queried. The patient usually can't see his own data, as I described in an earlier posting, much less offer it to researchers. Dr. Kenneth Mandl, opening the conference, pointed out that currently, an innovative company in the field of health data will die on the vine because they can't get data without making deals with each individual institution and supporting its proprietary EHR.

The starting point for changing all that, so far as this conference goes, is the SMART platform. It simply provides data models for storing data and APIs to retrieve it. If an electronic health record can translate data into a simple RDF model and support the RESTful API, any other program or EHR that supports SMART can access the data. OAuth supports security and patient control over access.

Indivo is a patient health record (or, to use the term preferred by the conference speakers, a personally controlled health record). It used to have its own API, and the big significance of Monday's 2.0 release is that it now supports SMART. The RESTful interface will make Indivo easy to extend beyond its current Java and Python interfaces. So there's a far-reaching platform now for giving patients access to data and working seemlessly with other cooperating institutions.

The big missing piece is apps, and a hackathon on Tuesday (which I couldn't attend) was aimed at jump-starting a few. Already, a number of researchers are using SMART to coordinate data sharing and computation through the i2b2 platform developed by Partners. Ultimately, the SMART and Indivo developers hope to create an app store, inspired by Apple's, where a whole marketplace can develop. Any app written to the SMART standard can run in Indivo or any other system supporting SMART. But the concept of an app in SMART and Indivo is different from a consumer market, though. The administrator of the EHR or PHR would choose apps, vetting them for quality and safety, and then a doctor, researcher, or patient could use one of the chosen apps.

Shawn Murphy of Partners described the use of i2b2 to choose appropriate patients for a clinical study. Instead of having to manually check many different data repositories manually for patients meeting the requirements (genetic, etc.), a researcher could issue automated queries over SMART to the databases. The standard also supports teamwork across institutions. Currently, 60 different children's hospitals' registries talk to each other through i2b2.

It should be noted i2b2 does not write into a vendor's EHR system (which the ONC and many others call an important requirement for health information exchange) because putting data back into a silo isn't disruptive innovation. It's better to give patients a SMART-compatible PHR such as Indivo.

Standards keep things simple

All the projects mentioned are low-budget efforts, so they all borrow and repurpose whatever open source tools they can. As Mostashari said in his video keynote, they believe in "using what you've got." I have already mentioned SMART's dependence on standards, and Indivo is just as behold to other projects, particularly Django. For instance, Indivo allows data to be stored in Django's data models (Python structures that represent basic relational tables). Indivo also provides an even simpler JSON-based data model.

The format of data is just as important as the exchange protocol, if interoperability is to success. The SMART team chose to implement several "best-of-breed" standards that would cover 80% of use cases: for instance, SNOMED for medical conditions, RxNORM for medications, and LOINC for labs. Customers using other terminologies will have to translate them into the supported standards, so SMART contains Provenance fields indicating the data source.

The software is also rigorously designed to be modular, so both the original developers and other adopters can replace pieces as desired. Indivo already has plenty of fields about patient data and about context (provider names, etc.), but more can be added ad infinitum to support any health app that comes along. Indivo 2.0 includes pluggable data models, which allow a site to customize every step from taking in data to removing it. It also supports new schemas for data of any chosen type.

The simplicity of Indivo, SMART, and i2b2--so much in contrast with most existing health information exchanges--is reminiscent of Blue Button. Mandl suggested that a Blue Button app would be easy to write. But the difference is that Blue Button aimed to be user-friendly whereas the projects at this conference are developer-friendly. That means that can add some simple structure and leave it up to app developers to present the data to users in a friendly manner.

The last hurdle

Because SMART and Indivo ultimately want the patient to control access to data, trust is a prerequisite. OAuth is widely used by Twitter apps and other sites across the Web, but hasn't been extensively tested in a health care environment. We'll need more experience with OAuth to see whether the user experience and their sense of security are adequate. And after that, trust is up to the institutions adopting Indivo or SMART. A couple speakers pointed out that huge numbers of people trust mint.com with their passwords to financial accounts, so when they learn the benefits of access to patient records they should adopt Indivo as well. An Indivo study found that 84% of people are willing to share data with social networks for research and learning.

SMART, Indivo, and i2b2 make data sharing easier than ever. but as many have pointed out, none of this will get very far until patients, government, and others demand that institutions open up. Mandl suggested that one of the major reasons Google Health failed was that it could never get enough data to gain traction--the health providers just wouldn't work with the PHR. At least the open source standards take away some of the technical excuses they have used up to now.

June152012

I had a chance yesterday to attend one day of the Games for Health conference, which covers one of the fastest-growing areas of mobile apps and an area of innovation that clinicians and policy-makers are embracing with growing enthusiasm.

The gamification of everyday life has become a theme of modern business, as well as public health and other groups interested in motivating people. Fun is now the ally, not the enemy, of intelligence, productivity, social engagement, and well-being. Here are a few existing or upcoming projects that illustrate what games are doing in health care:

A researcher developed a game for people with Attention Deficit Disorder that pops distractions up from time to time. If the player gives in to the distraction, the game ends. Over time, as the player gets better at ignoring distractions, they increase in order to test him further. The researcher claims that a few hours of this game eliminated the symptoms of ADD for several months afterward in many children, achieving more than drugs and other therapies.

A company is working with the Department of Defense on a game that encourages wounded soldiers to do their physical therapy. Normally, PT is an hour or more of boring, repetitive, painful exercise (I know, having undergone it). The game simply presents you with obstacles that you have to remove by performing one of the motions prescribed by the physical therapist. Thus, it keeps you engaged and randomizes the exercises to keep them fresh.

A web-based game asks you to wager game currency on whether an individual is likely to get a particular disease. The game presents you with increasing amounts of information about the relationships between genes and disease. The overall message of the game is that knowing your personal genome doesn't offer much guidance on whether you'll get the disease or how to avoid it.

A soccer ball is loaded with a device that measures how much it's moving. From this, a hub can determine how much children are playing and track activity over time.

The last device, clever as it is, arouses depressing thoughts in me. When I was a kid (insert appropriate background music here), nobody had to provide sensors or track our progress to persuade us to take a ball to an empty lot across the street for a game. But that particular lot is now covered with tract housing and the street is so busy that not even the most danger-immune wild child would try to cross it. Meanwhile, parents are afraid (sometimes for good reason and sometimes not) of letting kids wander unattended, and the lures of cable TV and social networks keep them on their couches. So I'm happy to see the digital incentives to increase exercise.

And although gaming hasn't reached the mainstream of health care yet, it's getting there. The Department of Health and Human Services has championed games, and major research centers in health care are developing programs for clinicians.

Getting to the conference at the Hyatt Harborside on the Boston waterfront was the first challenge, and after earning that badge, my next hurdle was avoiding the breakfast buffer. But as an attendee pointed out to me, being physically isolated helped keep people on site and talking to each other. Certainly, the location was spectacular, with lunch on the patio facing a view of the Boston skyline.

Personal control and empowerment in all areas of life were the theme of the day, and were expertly introduced in the opening keynote by well-known researcher Jane McGonigal. She started by reviewing the major regrets people express at the end of their lives. I don't think that I'll regret spending time listening to Jane McGonigal. Although she was pushing the use of her SuperBetter tool for personal growth, the basic principles are easy to follow independently. Pick a difficult but achievable goal that means a lot to you. Measure what you do each week. Enlist friends for support and positive thinking, etc. I'm doing it myself, and maybe next year I won't eat the muffins.

Jane McGonigal's keynote.

The government is here to help you

There's a fine line between games that promote general health and games that have a special medical purpose. I would guess (as a lay person) that the latter category includes the game to combat ADD and the game to promote PT. And this category is subject to regulation by the FDA. We had a session by lawyer James M. Flaherty, Jr. on this seemingly dull topic, and I'm happy that a lot of people came and treated the subject respectfully. When we trust something with a medical matter, even a game, we need to trust that it will have the desired effect and not harm us.

Thus, if a game is tied to a particular medical device that the FDA is already regulating, the game is subject to the same regulation. That may require the manufacturer to go so far as to arrange a clinical trial and get approval from an Institutional Review Board. A game could also be subject to FDA regulation if the manufacturer claims a medical benefit. (On the other hand, a doctor is free to advise patients to use a game for some medical purpose without triggering FDA regulation.)

FDA regulations are undergoing major changes in this area. A year ago they release a Draft Guidance Document on Mobile Medical Applications, which may be worth consideration by gamers, and some documents on games are likely to follow. Recognizing that current registration procedures are cumbersome, Congress is well along the way to passing legislation that would reform the regulations and ask the FDA to hold discussions with people in the field--discussions that Flaherty urged us all to join. Game-makers also have to start thinking of experiments that can demonstrate the safety and effectiveness of their products.

Too healthy for your own good?

I brought away only a couple dystopic thoughts from Games for Health. One revolved around the privacy worries that accompany every activity modern people do online. Doctors and other professionals engaged in our care are regulated concerning whom the share our information with, and for what purposes. But game manufacturers and sites that offer to track us are not covered by rules like HIPAA. We should check their privacy policies before using them, and be aware that they have lots of incentives to mine the data and use it for marketing and other purposes.

The other, related, worry was about compelled participation. If your employer forces you to enroll in a program to lose weight, or your insurance company bases its premiums on your blood sugar levels, it's a game-changer. One journalist recently compared self-tracking and Quantified Self to B.F. Skinner-like behaviorism, which struck me as absurd because in self-driven health movements the individual is making choices all along. The comparison takes on more relevance if an outsider is trying to control your behavior.

And if external rewards are tied to game-playing, incentives to cheat tail along. People will hack devices to report better results than they actually achieve, hire people to do things that they report themselves doing, etc. Certificates and encryption will have to be put in place. The landscape of health and gamification will be degraded.

Let's reserve these concerns for policy-making, while keeping them in mind while designing games that people use voluntarily and enjoy.

June132012

If health care reform depends on patient engagement and the mining of public health data, it depends equally on protecting the patient's privacy. Moreover, real-life stories from victimized patients show that privacy is caught up with issues of security, clinical decision-making, mobile health, and medical errors. After the patient access summit and the health data initiative forum, therefore, it was supremely appropriate for me to attend the second annual health privacy summit, which I helped to organize.

Joy Pritts and others on panel.

The conference this year had even more detail and more subtle nuance than the conference I reported on last year. Last year's summit put a valuable stake in the ground to acknowledge the importance of privacy in health policy, and this year we took off from that point. Two leading members of the Office of the National Coordinator at the Department of Health and Human Services came to speak--National Coordinator Farzad Mostashari and Chief Privacy Officer Joy Pritts--and Patient Privacy Rights, the conference organizers, created a new Louis D. Brandeis privacy award that was accepted by Congressmen Joe Barton and Ed Markey, world-renowned security expert Ross Anderson, and long-term privacy researcher Alan Westin.

About 150 people came to the conference, which took place Wednesday and Thursday last week. Hundreds more followed webcasts live, and these will be posted online.

Scope of the privacy debate

The health care field is divided between those who think privacy is pretty good already and should not suck up resources that could go into other reforms, and those who insist on reviewing all changes to practices and technology. The latter sometimes say that it need not be a "zero-sum game" (in fact, Mostashari stated that in his keynote). On the contrary, they suggest that a patient's trust in privacy protection is actually a prerequisite to data sharing and good medical care, because a patient will just keep embarrassing information secret if she is afraid it will fall into the wrong hands.

The debate can get complicated because it involves laws that have changed over time and vary from state to state, common practices that undermine stated commitments to following the law (such as taking data home on unencrypted laptops), ignorance on many sides, and bad actors who are not dissuaded by even the best regulations and institutional practices. Because the debate was covered in my article from last year's conference, I'll just update that to say that more speakers this year affirmed a tension between privacy and the kind of data sharing needed to improve patient care. I heard several statements along the lines of one by Ann Freeman Cook, a psychology professor and ethics researcher, who found IRBs struggling and finding it impossible to reconcile patient privacy with the needs of researchers and the public.

A number of heart-rending stories from patients were shared at the beginning of the summit. If one examined them carefully, one could cavil over whether each story really represented a privacy breach. Some of the stories were more about errors or about poorly recorded decisions (often in EHRs that were too rigid to accurately represent patient complaints). And the privacy breaches were sometimes just bad luck--more the result of a malicious actor bypassing safeguards than a lack of safeguards.

Nevertheless, I accepted that all of them fell under the umbrella of "privacy protections." Privacy is about the right of the patient to control his data, and it involves all these things. So the topics at this conference are relevant to all the issues health care advocates talk about regularly: data exchange and ACOs, clinical research, the use of apps on mobile devices, the Quantified Self movement, and social networking in patient empowerment.

Highlights

Here are some of the interesting topics mentioned at the conference.

Leading privacy researcher Latanya Sweeney showed off her Data Map that shows all the places patient data gets sent in the normal run of treatment, payment, public health, and research. Suggestions are requested.

Built-in privacy: Mostashari pointed out that a concern for privacy led the group designing the Direct project to make sure that the middleman routing data should never know who is sending or receiving. Identities are buried in the encrypted body of the message.

Ross Anderson delivers keynote.

Security expert Ross Anderson, who has studied health care systems all over Europe, suggested a number of measures to protect patient privacy. Some are standard security measures: keep information scattered in different repositories (this would mandate HIEs in the US that query doctors for information instead of uploading it to their own servers); don't give central authorities automatic access to data; use role-based access (but that's hard to do properly). Another safeguard is to let the patients audit their own data. Anderson pointed out that longitudinal data--which researchers value highly--is impossible to de-identify because there is too much data snoopers can use to link the data with other sources about the patient. He also said problems arise when the government tries to move fast and throws a lot of money at a problem, which sounds uncomfortably like the meaningful use payments.

Three companies were chosen for the best health privacy technologies of 2012:

Trend Micro wins technology award.

Jericho Systems captures patent consents and translates them to technological controls. A patient can can see in his PHR who is making a request for his data, for instance.

Trend Micro's Deep Security incorporates the standard security protections for a networked environment (virus scanner, firewall, file integrity checker, etc.) into a cloud solution. Thus, even if the server is breached, the system may be able to prevent data from being extracted.

Segmented data, which means the ability to share certain specific information while hiding other, more sensitive information, came up several times. The field is nowhere near ready, technically or organizationally, to support something like sharing information about your broken arm while hiding your psychiatric records. But several institutions are working on standards.

Several panelists called for privacy by default: it isn't fair to present a complex document to a patient and expect her to understand all the implications (which no one can do anyway). Maneesha Mithal reported a policy at the Federal Trade Commission that the most important privacy impacts must be highlighted, not buried in an inscrutable policy. Information technology research Andrew Dillon suggested that, instead of educating patients about the awful forms they sign, we should improve the forms (and by implication, the policies they define).

A couple doctors spoke up to say that they felt uneasy entering information into records (particularly psychiatric information) because they didn't know who would end up seeing it.

A lot of discussion covered who should explain privacy policies to the patient. Handing them a form at the start of a visit is not an effective way to get meaningful consent. Some said the doctor herself should ideally explain the privacy implications of the visit, although this eats into the severely restricted time that the doctor has with the patient.

Two speakers--EPIC representative Lillie Coney and re-identification expert Daniel Barth-Jones--reported that, luckily, it's quite hard to re-identify patient data that has been de-identified for the purposes of research and public health. Barth-Jones doubted that anyone has performed any actual re-identifications, other than researchers proving that re-identification is theoretically possible.

Ann Freeman Cook pointed out that people often agree to share data, tissues, and other samples with with researchers in order to get free care. Therefore, the poor and uninsured are more likely to relinquish privacy safeguards. And these samples are kept for a long time, so it's impossible to know how they'll be used.

The ONC's Standards & Interoperation Framework got contrasting reviews. On the one hand, it is hard to understand because it refers to so many technologies and standards. On the other hand, these references root it firmly in state-of-the-art practices and make implementation feasible.

Wrap-up

Last week's series of conferences in Washington--of which I attended maybe half--were the most intense concentration I've seen of health care events. A few people got to bounce around and experience everything. Only that elite tends to put in the research to really understand all the facets of patient engagement, data sharing, application development, business opportunities, privacy issues, and points to leverage institutions for change that will really improve our health care system and lower costs. I think that most providers, administrators, and researchers stumble along with good intentions but a lack of a full vision.

We can fix our health care systems if we educate doctors and patients to work together; create teams that have incentives to deliver the best care; open up data about the health care industry; incorporate low-cost devices into patient-centered medical homes, and incorporate the best research into clinical decision support. I'm sure readers could suggest other related elements of a solution. A crucial background role will be played by technological improvements and standards. All this is extremely hard to explain in a single coherent vision, although numerous books about radical reform to the health care system have come out over the past couple years. Those with expertise in a particular area of technology or organizational development must do their best to educate themselves with the wider vision, and then act locally to make it happen.

June122012

Back in 2010, the first health data initiative forum by the Dept. of Health and Human Services introduced the public to the idea of an agency releasing internal data in forms easy for both casual viewers and programmers to use. The third such forum, which took place last week in Washington, DC, was so enormous (1,400 participants) that it had to be held in a major convention center. Todd Park, who as CTO made HHS a leader in the open data movement, has moved up to take a corresponding role for the entire federal government. Open data is a world movement, and the developer challenges that the HDI forum likes to highlight are standard strategies for linking governments with app programmers.

Todd Park on main stage.

Following my attendance at a privacy access summit the previous day, the HDI forum made me think of a government bent on reform and an open-minded public crossing hands over the heads of the hidebound health institutions that blunder onward without the benefits of tapping their own data. I am not tossing all hospitals, doctors, and clinics into this category (in fact, I am constantly talking to institutions who work with available data to improve care), but recording and storage of information in health care generally retards anyone interested in change.

Health and Human Services chooses torrents over leaks

Able to attend the forum only on the first day, I spent a lot of it in a session on HHS data sets at Healthdata.gov because I wanted to know exactly what the department has to offer and how the data is being used.

HHS staff at break-out session.

Several things impressed me about the procession of HHS staff that crossed the stage to give five- or ten-minute presentations on data sets. First was the ethos of data sharing that the department heads have instilled. Each staff person showed visible pride in finding data that could be put on the Web. A bit of competitive spirit drives different departments that may have more or fewer resources, and data that comes naturally in a more structured or less structured form. One person, for instance, said, "We're a small division and don't have the resources of the others, but we managed to release several data sets this year and one has an API."

Second, the department is devoting resources to quality. I've heard several complaints in the field about lack of consistency and other problems in public health data. One could hardly avoid such issues when data is being collected from hundreds of agencies scattered across the country. But the people I talked to at the HHS forum had ways of dealing with it, such as by requiring the researchers who collect data to submit it (so that trained professionals do the data entry), and running it through quality checks to look for anomalies.

Third, the department knows that outside developers coming to their site will need extra help understanding the data being collected: what the samples represent, what the scope of collection was, and so forth. In addition to a catalog powered by a Solr search engine, HHS provides direct guidance to the perplexed for those developing apps. They are also adding Linked Data elements to help developers combine data sets.

The Assistant Secretary for Planning and Evaluation tracks workforce development, particularly in health IT, and measures the affordability of health care reflected in costs to employers, patients, and the government.

Recently, HHS has intensified its efforts by creating a simple Web interface where its staff can enter data about new data sets. Data can be uploaded automatically from spreadsheets. And a new Data Access and Use Committee identifies data sets to release.

So now we have public health aids like the Community Indicators Data Portal, which maps the use of Medicaid services to poverty indicators, infant mortality, etc.

HealthMap, created by Children's Hospital Boston, is used by a fascinating range of projects. They scoop in huge amounts of data--mostly from news sites, but also blogs, and social networks--in multiple languages around the world, and apply a Bayesian filter to determine what's a possible report of a recent disease outbreak. After a successful flu-tracking program based on accepting reports from the public, they did a dengue-tracking program and, in Haiti, a cholera-tracking program.

But valuable as HHS data is to public health, most of it is not very sexy to the ordinary patient or consumer. If you're curious how your Medicare charges compare with average payments for your county, go ahead and mine the data. But what about something immediately practical, such as finding the best hospital for a procedure?

Other jurisdictions are joining the health data movement. Many countries have more centralized systems and therefore can release large amounts of data about public health. The United Kingdom's National Health Service was featured at the HDI forum, where they boasted of posting 3,000 health indicators to their web site.

The state of Louisiana showed off a cornucopia of data, ranging from user restaurant ratings to ratings of oyster beds. Pregnancy risk factors, morbidity rates, etc. are broken down by race, sex, and other demographics. The representative freely admitted that the state has big health problems, and urgently called on developers to help it mine its data. The state recently held a "Cajun codefest" to kick off its effort. HHS also announced five upcoming local datapaloozas in other states around the U.S.

I talked to Sunnie Southern, a cofounder of a Cincinnati incubator called Innov8 for Health. They offer not only challenges for new apps, but guidance to help developers turn the apps into sustainable businesses. The organization also signs up local hospitals and other institutional users to guarantee a market to app developers. Southern describes Innov8 for Health as a community-wide initiative to support local developers and attract new ones, while maintaining deep roots among multiple stakeholders across the health care, university, startup, investors, and employer stake holders. At the inaugural class, which just took place, eight companies were chosen to receive intensive mentoring, introductions and connections to potential customers and investors, and $20,000 to start their company in 12 weeks. Health data is a core element.

How far can a datapalooza take the health care field?

Health apps are a fast-growing segment of mobile development, and the government can certainly take some of the credit, along with VC and developer recognition that there's a lot of potential money to be made fixing health care. As Todd Park said, "The health innovation ecosystem is beautifully chaotic, self-propelled, and basically out of control." That means the toothpaste can't be put back in the tube, which is a good thing.

The HDI forum is glitzy and exciting--everybody in health care reform shows up, and the stage show is slickly coordinated--but we must remember the limits of apps in bringing about systemic change. It's great that you can use myDrugCo$ts.com to find a discount drug store near you. Even better, if your employer hooks you up to data sets provided by your insurer, myDrugCo$ts.com can warn you about restrictions that affect costs. But none of this will change the crazy pricing in the insurance plans themselves, or the overuse of drugs in medicine, or the inefficient development and testing methods that lead to high medication prices in the first place.

Caucus of Society for Participatory Medicine and friends.

Transparency by one department on one level can lead to expectations of transparency in other places too. As pricing in health care becomes more visible, it will become less defensible. But this requires a public movement. We could do great things if we could unlock the data collected by each hospital and insurance agency, but they see that data as their competitive arsenal and we are left with a tragedy of the anti-commons. It would be nice to say, "You use plenty of public data to aid your decision-making, now reciprocate with some of your own." This can be a campaign for reformers such as the Society for Participatory Medicine.

At the HDI forum, United Healthcare reported that they had enough data to profile patients at risk for diabetes and brought them in for a diabetes prevention program. This is only a sample of what can be done with data that is not yet public.

Aetna presenter shows CarePass on the main conference stage.

Aetna is leading the way with a service called CarePass, currently holding a developer challenge. CarePass offers Aetna's data through an API, and they partner with other major data centers (somewhat as Microsoft does with HealthVault) to hook up data. Practice Fusion is also offering some data to researchers.

Even those bright-faced entrepreneurs launching businesses around data from HHS and elsewhere--certainly their success is one of the goals of the open data movement, but I worry that they will recreate the silos of the health care field in the area of patient data. What are they collecting on us as we obsessively enter our personal statistics into those devices? Who will be able to use the aggregate data building up on their servers?

So there are hints of a qualitative change that can come from quantitative growth in the release and reuse of health care data. The next step involves the use of personal data, which raises its own litany of issues in quality and privacy. That will be the subject of the last posting in this series.

June112012

A convocation of trend-setters and organizational leaders in U.S. health care was called together in Washington last Monday, June 4. The attendees advised two government organizations driving health reform--the Office of the National Coordinator at the Dept. of Health and Human Services, and the Dept. of Veteran Affairs--how to push forward one of their top goals, patient engagement.

The results of the meeting, to me, demonstrated mostly the primitive state of communications and coordinated care in the U.S. health system. In an earlier posting I discussed the sorry state of health data exchange, and Monday's patient access summit centered on the same factors of siloing and data hoarding as barriers to patient engagement.

Farzad Mostashari, the National Coordinator for Health Information Technology, tried to set the scope of the meeting as an incubator to suggest practical ways patients could use the data they get from health providers. (As I'll explain later, we also touched on data patients generate themselves.) His reasoning, which I endorse, is that patients currently can't do much with data except keep it somewhere and pass it to other health providers, so in order to engage them we need to provide tools for them to improve their health with this data.

But the pulse of the 75 or so attendees gave quite a different message: that we're nowhere near ready to discuss uses of data, and that our efforts at patient engagement should start with getting the data to the patients in the first place.

Several attendees have already blogged about various aspects of the meeting:

The notions of patients pouring over doctors' notes, correlating their own test results, and making demands on their care providers may carry a faint whiff of utopianism, but thousands of patients do these things every day--and do them even when deprived of the electronic aids that could make these activities natural. The people in the room for the patient access summit were by no means utopians. They are intense movers in the health care field with deadlines to meet and budgets to allocate. So when they call for patient access to data, it's because they all see it as critical to solving the quality and cost problems their own organizations face.

Patient engagement is critical because most health care takes place outside the doctor's office or operating room. Patients need to take control of their own lifestyles for the problems that put a lot of strain on our health care system, such as obesity. They need to follow through on post-release instructions and monitor themselves for symptoms.

And in the silo'd state of today's health system, the patients need to make sure their data gets to health providers. We heard over and over at the patient access summit how patients have entered treatment centers without the information needed to treat them, how doctors would refuse point-blank (in violation of the law) to give patients their folders, and how patients received inadequate care because of the lack of information.

Patient participation in health care is not only good for the individuals who do it, but are crucial for prying open the system as a whole. The providers, vendors, and insurers are moving too slowly. Their standards and electronic health records lack fields for all the data people are generating through their Fitbits and Zeos, and they don't have pathways for continuously uploading patient-generated data. This lapse can be turned into a plus: device manufacturers and programmers out in the field will develop new, more flexible, more robust standards that will become the next generation of EHRs and personal health records. A strong push from empowered patients can really change the way doctors work, and the associated costs.

Opinions differ about the roles of electronic records, interchange systems, culture, and business models in the recalcitrance of doctors to release patient data, which I'll discuss in the last section of the article. Getting the answer to these questions right should determine the strategy government and consumers use to breach the silos. But the consensus at the patient access summity was that we need to pursue these strategies fast, and that the fate of the rest of health care reform will rest on our success.

The first half of the Washington meeting meandered through various classic areas under constant debate in the health care field. This seemed necessary so that the participants in the summit could feel each other out, untangle some of their differences and ultimately come to a position of trust so they could agree on the topics in the previous section. I noted the following topics that threaded through the debate without resolution.

Technology versus culture

Debates come up all the time when organizational change is on the agenda about the importance of the technologies people use versus their workflows, attitudes, and willingness to change. I find the discussions silly because people usually find themselves pushed to an either-or position and that just doesn't make sense. Of course technology can facilitate change, and of course the technology will be a big waste of time and money if the human participants fail to understand the behavior changes they need to make along the way.

But the Washington attendees raised these issues as part of the strategy-setting I mentioned earlier. Certainly, the government would prefer to avoid creating or mandating the use of certain technologies. The question is whether the ONC and VA can set goals and leave it up to the market to find the way.

Sometimes the health care field is so distorted and dysfunctional that the government feels it has to step in, such as when HHS created CONNECT and then Direct. Without these, the health care providers and health information exchanges (HIEs) would claim that exchanging patient data was an expensive or intractable problem. One might also interpret the release of VistA and BlueButton to the general public as the VA's statements about how health care should be conducted.

So Mostashari's original call for actions that patients could take fits into the technology end of the debate. By suggesting technological paths forward, we can effect cultural change. For instance, if a patient uses an app or web site to view all the potential reactions between the drugs she takes (and I heard one estimate this week that people in their 80s take between five and eight medications), she can warn her own doctor about an adverse reaction.

Ultimately, the working groups that today's meeting settled on included a lot of technological innovation.

The need for standards

Standard setting is another perennial area for disagreement, because premature standard-setting, like premature optimization, can have an effect opposite to what you want. If we took all the efforts that companies put into standards that bombed in the marketplace and devoted the resources over the decades to competition between innovations, we might have an explosion of new technologies. So even if you accept the value of technology to effect culture change, you can ask where and when can governments and standards committees can intervene positively.

And this caution applies to health care too. The old guard of EHRs and HIE suffer from a lack of (useful) standards. But I mentioned earlier, an exciting explosion of patient-centered apps and devices is developing in the absence of standards. The Washington meeting ended up endorsing many standard-setting efforts, although these applied mostly to mature fields such as EHRs.

Transfer standards versus data format standards

Mixed up in the debate over the timing of standards was a distinction between standards used for sending data around and standards used to represent the data. The former are called protocols in the communications field. HTTP is a transfer standard, for instance, whereas as HTML is a data format standard. Both are needed to make the World Wide Web operate. And both ended up part of the action items from the patient access summit.

Privacy versus data availability

As I reported from the first health privacy conference, health care advocates argue over the importance of privacy. At the patient access summit, everybody who spoke on this topic prioritized the exchange of data. Privacy concerns are the magic amulet that providers wave at patients to ward off their requests for data. But in fact, the much-derided Health Insurance Portability and Accountability Act (HIPAA) requires providers to give patients data: that's what the terms Portability and Accountability in the name refer to. The providers are required to take reasonable steps to preserve privacy--and the Direct project aims to simplify these--but the patient can waive even these modest safeguards if he or she is anxious to get the data quickly.

Given our skepticism toward claims of security concerns, a bit of security theater we encountered as we entered the conference center is illustrative. We were warned ahead of time that the facility was secure and told to bring a government-issued photo ID. Indeed, the guard checked my ID and looked at my face when I entered, but nobody checked my name against a list to see whether I was actually supposed to be there.

A later article in this series will explore the relationships between privacy, security, patient access, accuracy, and accountability that create a philosophy of control.

Motivations for doctors versus patients

Another topic at the patient access summit that reflected a dilemma in the health care field is how much effort to aim at the doctors versus the patients, when trying to change the behavior of both. Many patients try to engage as adults in their own care and are stymied by resistant doctors. And as I pointed out in an earlier posting, the patients who need the most lifestyle changes ignore their own perilous conditions. So these considerations would suggest focusing on motivations for doctors to change.

But a market approach would suggest that, when enough patients want to have a say in their care, and have the means to choose their doctors, change will reach the examination rooms. The conclusions of the patient access summit did not reflect any particular positions along this spectrum. Participants pointed out, however, that institutions such as Kaiser Permanente who wanted patients to use their portals invested a lot into advertising them.

Pushing versus pulling data

Telephone calls, email, and online chats are push technology, in that the person sending them decides when (approximately) they are delivered. The web is a pull technology, because the recipient visits the site at his or her choosing. In health exchange, one doctor may push a patient's records to the next provider, or the next provider can pull them when the patient is due to arrive. Sometimes articulated unhelpfully as a battle for push versus pull, our discussion revealed that each had its uses.

The issue is especially salient when a patient has records stored by multiple institutions. Currently, a patient can pull records from each and (if they use a common format such as BlueButton) combine them. In fact, a mobile app named iBlueButton allows a patient to show data from providers to a doctor during a visit. But it would be much better for each institution to push information to the patient as it's added to the institution's record. This would bring us closer to the ideal situation where records are stored by a site on behalf of the patient, not the doctor.

Now we get to the meat of the summit. Leaders asked participants to define areas for research and to make commitments to incorporate the results of the research teams into their products and activities. Three action items were chosen, and two were excluded from consideration at this round.

Automated downloads

A number of organizations, such as Aetna Health Plans have adopted the BlueButton format created at the VA. In the line-up of data formats available for storing health information, BlueButton is shockingly casual. But it's list of plain-text fields is easy to read and unfrightening for patients. It is also undeniably popular, as the number of VA patients downloading their data approaches one million. So the immediate impetus for the first goal of the patient access summit, dubbed "automating BlueButton," is to keep patients' records up to date and integrated by pushing data to them from institutional EHRs.

But BlueButton can be massaged into other formats easier for programs to manipulate, the so the "automating BlueButton" task really refers to the entire movement to empower patients who want control over their records. One way to state the principle is that every action in a hospital's or doctor's EHR will be accompanied by an update to the patient's copy of the data. Hopefully this movement will soon lead to simple but program-friendly XML formats, robust transfer standards such as Direct, and universal integration of hospital and clinic EHRs with patient health records.

Identification and access technologies

Congress has ruled out a single nation-wide ID for patients, thanks to worries from privacy advocates that the system could facilitate identity theft and commercial data mining. Some have proposed a Voluntary Universal Healthcare Identifier (VUHID), but that's encumbered with the same problems. Identification systems used nowadays for HIE are cumbersome and error-prone, and revolve around cooperating health care institutions rather than individual patients with few resources. Individual hospitals can verify patients' email addresses and passwords when they come in for treatment, but in-person authentication doesn't scale to data exchange.

A more rational solution revolves around certificates and digital signatures, which security-conscious institutions in government and industry have used for years. The has gotten a bit of a bad rep because it has been poorly implemented on the Web (where browsers trust too many certificate authorities, and system administrators fail to keep accurate signatures) but the health care system is quite capable of implementing it properly. The Direct Trust project is creating a set of practices and hopefully will stimulate the industry to create such a system. In fact, I think Direct Trust is already addressing the issues listed under this task. OAuth was also mentioned repeatedly at the summit. the National Strategy for Trusted Identities in Cyberspace was also mentioned.

The questions of identifying oneself and of authorizing access to data are linked, so they were combined in a single working group even though they are somewhat distinct technically.

Standards for content

The final task approved at the patient access summit was to work further on data standards. It was late in the day and the task was defined only in a very broad manner. But I think it's an important leg of the patient access stool because current standards for patient data, such as HL7's CDA, were meant for communicating the results of clinical interventions. They'll be hard to use when patients generate and store their own data, both because they lack the appropriate fields and because they aren't designed for continuous uploads of data. Segmented access (allowing providers to see certain records while withholding records that the patient considers sensitive) was also mentioned.

Patient-generated data

I mentioned at the summit that patients are starting to generate data that could be invaluable in their treatment, and that the possession of this data gives them leverage. Doctors who are serious about treating common chronic issues such as hypertension, or any condition that can be improved through careful monitoring, will want the patient data. And patients can use their leverage to open up doctors' EHRs. As patients got more involved in their care, the very term "provider" (meaning a doctor or other professional who provides diagnosis and treatment) will become obsolete. Patients will be co-providers along with their professional team.

Patient-generated data got some attention during the day, but the attendees concluded that not enough time had been spent on it to turn it into an action item.

Privacy

The final issue on the agenda for the day was privacy. I estimate that we spent a full half-hour at one point, in addition to which it was raised at other times. Because I am covering privacy in the third article of this series, I'll simply say here that the attendees were most concerned about removing excuses for data exchange, and did not treat risks to privacy as a problem to be fixed.

I'm proud that the ONC and VA created a major discussion forum for patient access. I think the issues that came up were familiar to all participants in the meeting, and that ONC together with industry partners is already moving forward on them. The summit provided affirmation that the health care field as a whole takes the issues seriously, and the commitments that will arise from the meeting will lend more weight to government efforts.

And a lot of the time, knowledgeable patients need to know that progressive health care leaders and the government have "got their back" as they demand their rights to know what's going on in their bodies. The Office of Civil Rights has publicly championed the patients' right to their data (in fact, the biggest fine they've levied for a HIPAA violation concerns a refusal to release data to a patient), and the initiatives we all supported last Monday will give them more tools to use it.

Regulations can make a difference. A representative from Practice Fusion told me they offered a patient download option on their EHR service years ago, but that most doctors refused to allow it. After the ONC's meaningful use regulations required patient access, adoption by doctors went up 600%.

While laying the groundwork for patient access, we are ready to look forward to wonderful things patients and providers can do with data. That will be the subject of my next article in the series, which will cover the health data initiative forum I attended the next day.

May212012

(Background: Most government advisory committees are stocked with representatives of corporations and special interest groups who distort government policies, sometimes unconsciously and with good intentions, to fertilize their own turfs. In health information technology, we have a rare chance to ensure that the most affected members of the public actually have their own direct representative. The GAO is directed by law to propose members for a Health Information Technology Policy Committee, and there is an opening for someone who "advocates for patients or consumers." A movement is building in support of Regina Holliday, nationally famous for her work on opening patient data, comments on Meaningful Use, and her images in her Walking Gallery. My letter follows. Letters to the GAO, HITCommittee@gao.gov, are due May 25.)

Government Accountability Office

441 G Street NW.

Washington, DC 20548

Dear Sirs and Madams:

I am writing in support of appointing Regina Holliday as a patient and consumer advocate on the Health Information Technology Policy Committee. I suggest this on two grounds: that she would be an excellent contributor to the committee, and that it is critical for the committee to hear from directly patients rather than the proxies who usually insert themselves in place of the patients.

Ms Holliday is nationally recognized among patient advocates as a leading expert on the patient experience and on the information technology required to improve health care, particularly the tools that will enable patient engagement, the Holy Grail of health care reform. Ms. Holliday is an expert on the Meaningful Use requirements that embody the health provisions of the American Recovery and Reinvestment Act (having submitted substantial comments on Stage 1 of Meaningful Use) and has advocated over many years for both technologies and policies that can improve delivery of health care and health information to patients.

Furthermore, Ms Holliday is in an excellent position to reflect the influence of public opinion on the HIT Policy Committee. She is a tireless researcher and advocate in the area of patient engagement, mastering both traditional channels such as lectures and modern Web-based media. In her Walking Gallery she collects stories from other people who have engaged intensively with the health care system and reflects the widespread experiences in her advocacy work. She is articulate and clear about the demands made by the public.

Finally, I would like to stress the importance of appointing an independent expert voice such as Ms Holliday on the HIT Policy Committee. Organizations claiming to represent patients have institutional agendas that always take first priority in their advocacy work. Members of the HIT Policy Committee who are paid representatives of established organizations are constantly tempted to bend policies to favor those established institutions, and the actual needs of the patient are never paramount. The thrust of the patient advocacy movement is to elevate the health of the patient above the continuity or profit of the institutions, which is why the voice of someone like Ms Holliday is crucial.

May162012

Great piles of cash are descending on entrepreneurs who develop health care apps, but that doesn't make it any easier to create a useful one that your audience will adopt. Furthermore, lowered costs and streamlined application development technique let you fashion a working prototype faster than ever, but that also reduces the time you can fumble around looking for a business model. These were some of the insights I got at Spring Fling 2012: Matchpoint Boston, put on by Health 2.0 this week.

This conference was a bit of a grab-bag, including one-on-one meetings between entrepreneurs and their potential funders and customers, keynotes and panels by health care experts, round-table discussions among peers, and lightning-talk demos. I think the hallway track was the most potent part of this conference, and it was probably planned that way. The variety at the conference mirrors the work of Health 2.0 itself, which includes local chapters, challenges, an influential blog, and partnerships with a range of organizations. Overall, I appreciated the chance to get a snapshot of a critical industry searching for ways to make a positive difference in the world while capitalizing on ways to cut down on the blatant waste and mismanagement that bedevil the multi-trillion-dollar health care field.

Let's look, for instance, at the benefits of faster development time. Health IT companies go through fairly standard early stages (idea, prototype, incubator, venture capital funding) but cochairs Indu Subaiya and Matthew Holt showed slides demonstrating that modern techniques can leave companies in the red for less time and accelerate earnings. On the other hand, Jonathan Bush of athenahealth gave a keynote listing bits of advice for company founders and admitting that his own company had made significant errors that required time to recover from. Does the fast pace of modern development leave less room for company heads to make the inevitable mistakes?

I also heard Margaret Laws, director of the California HealthCare Foundation's Innovations Fund, warn that most of the current applications being developed for health care aim to salve common concerns among doctors or patients but don't address what she calls the "crisis points" in health care. Brad Fluegel of Health Evolution Partners observed that, with the flood of new entrepreneurs in health IT, a lot of old ideas are being recycled without adequate attention to why they failed before.

I'm afraid this blog is coming out too negative, focusing on the dour and the dire, but I do believe that health IT needs to acknowledge its risks in order to avoid squandering the money and attention it's getting, and on the positive side to reap the benefits of this incredibly fertile moment of possibilities in health care. Truly, there's a lot to celebrate in health IT as well. Here are some of the fascinating start-ups I saw at the show:

hellohealth aims at that vast area of health care planning and administration that cries out for efficiency improvements--the area where we could do the most good by cutting costs without cutting back on effective patient care. Presenter Shahid Shah described the company as the intersection of patient management with revenue cycle management. They plan to help physicians manage appointments and follow-ups better, and rationalize the whole patient experience.

hellohealth will offer portals for patients as well. They're unique, so far as I know, in charging patients for certain features.

Corey Booker demo'd onPulse, which aims to bring together doctors with groups of patients, and patients with groups of the doctors treating them. For instance, when a doctor finds an online article of interest to diabetics, she can share it with all the patients in her practice suffering from diabetes. onPulse also makes it easier for a doctor to draw in others who are treating the same patient. The information built up about their interactions can be preserved for billing.

onPulse overlaps in several respects with HealthTap, a doctor-patient site that I've covered several times and for which an onPulse staffer expressed admiration. But HealthTap leaves discussions out in the open, whereas onPulse connects doctors and patients in private.

HealthPasskey.com is another one of these patient/doctor services with a patient portal. It allows doctors to upload continuity of care documents in the standard CCD format to the patient's site, and supports various services such as making appointments.

A couple weeks ago I reported a controversy over hospitals' claims that they couldn't share patient records with the patients. Check out the innovative services I've just highlighted here as a context for judging whether the technical and legal challenges for hospitals are really too daunting. I recognize that each of the sites I've described pick off particular pieces of the EHR problem and that opening up the whole kit and kaboodle is a larger task, but these sites still prove that all the capabilities are in place for institutions willing to exploit them.

GlobalMed has recently released a suitcase-sized box that contains all the tools required to do a standard medical exam. This allows traveling nurse practitioners or other licensed personnel to do a quick check-up at a patient's location without requiring a doctor or a trip to the clinic. Images can also be taken. Everything gets uploaded to a site where a doctor can do an assessment and mark up records later. The suitcase weighs about 30 pounds, rolls on wheels, and costs about $30,000 (price to come down if they start manufacturing in high quantities).

SwipeSense won Health 2.0's 100 Day Innovation Challenge. They make a simple device that hospital staff can wear on their belts and wipe their hands on. This may not be as good as washing your hands, but takes advantage of people's natural behavior and reduces the chance of infections. It also picks up when someone is using the device and creates reports about compliance. SwipeSense is being tested at the Rush University Medical Center.

Thryve, one of several apps that helps you track your food intake and make better choices, won the highest audience approval at Thursday's Launch! demos.

Winner of last weekend's developer challenge was No Sleep Kills, an app that aims to reduce accidents related to sleep deprivation (I need a corresponding app to guard against errors from sleep-deprived blogging). You can enter information on your recent sleep patterns and get back a warning not to drive.

It's worth noting that the last item in that list, No Sleep Kills, draws information from Health and Human Services's Healthy People site. This raises the final issue I want to bring up in regard to the Spring Fling. Sophisticated developers know their work depends heavily on data about public health and on groups of patients. HHS has actually just released another major trove of public health statistics. Our collective knowledge of who needs help, what works, and who best delivers the care would be immensely enhanced if doctors and institutions who currently guard their data would be willing to open it up in aggregate, non-identifiable form. I recently promoted this ideal in coverage of Sage Congress.

In the entirely laudable drive to monetize improvements in health care, I would like the health IT field to choose solutions that open up data rather than keep it proprietary. One of the biggest problems with health care, in this age of big data and incredibly sophisticated statistical tools, is our tragedy of the anti-commons where each institution seeks to gain competitive advantage through hoarding its data. They don't necessarily use their own data in socially beneficial ways, either (they're more interested in ratcheting up opportunities for marketing expensive care). We need collective sources of data in order to make the most of innovation.

OSCON 2012 Healthcare Track — The conjunction of open source and open data with health technology promises to improve creaking infrastructure and give greater control and engagement to patients. Learn more at OSCON 2012, being held July 16-20 in Portland, Oregon.

I think the AHA has overreached in its bid to slow down patient access to data, which I'll examine later in this article. But to me, the most poignant aspect of the AHA letter is its careful accumulation of data to show the huge gap between what health care calls for and what hospitals, vendors, standards bodies, and even the government are capable of providing.

Two AHA staff were generous enough to talk to me on very short notice and offer some clarifications that I'll include with the article.

A survey of the U.S. health care system

According to the AHA (translated into my own rather harsh words), the state of health IT in American hospitals is as follows:

Few hospitals and doctors can fulfill basic requirements of health care quality and cost control. For instance, 62% could not record basic patient health indicators such as weight and blood pressure (page 51 of their report) in electronic health records (EHRs).

Many EHR vendors can't support the meaningful use criteria in real-life settings, even when their systems were officially certified to do so. I'll cite some statements from the AHA report later in the article. Meaningful use is a big package of reforms, of course, promulgated over just a few years, but it's also difficult because vendors and hospitals had also been heading for a long time in the opposite direction: toward closed, limited functionality.

Doctors still record huge globs of patient data in unstructured text format, where they are unavailable for quality reporting, tracking clinical effectiveness, etc. Data is often unstructured because humans are complex and their symptoms don't fit into easy categories. Yet doctors have learned to make diagnoses for purposes of payment and other requirements; we need to learn what other forms of information are worth formalizing for the sake of better public health.

Quality reporting is a mess. The measures currently being reported are unreliable, and standards have not been put in place to allow valid comparisons of measures from different hospitals.

Government hasn't stepped up to the plate to perform its role in supporting electronic reporting. For instance, the Centers for Medicare & Medicaid Services (CMS) wants the hospitals to report lots of quality measures, but its own electronic reporting system is still in the testing stages, so hospitals must enter data through a cumbersome and error-prone manual "attestation." States aren't ready to accept electronic submissions either. The Direct project is moving along, but its contribution to health data exchange is still very new.

There's no easy place to assign blame for a system that is killing hundreds of thousands of people a year while sticking the US public with rising costs. The AHA letter constantly assures us that they approve the meaningful use objectives , but say their implementation in a foreseeable time frame is unfeasible. "We can envision a time when all automated quality reporting will occur effortlessly in a reliable and valid fashion. However, we are not there yet." (pp. 42-43)

So the AHA message petition to the CMS can be summarized overall as, "Slow everything down, but keep the payments coming."

AHA staff referred to the extensively researched article, A Progress Report On Electronic Health Records In U.S. Hospitals. It corroborates observations that adoption of EHRs has vastly increased between 2010 and 2011. However, the capabilities of the EHRs and hospitals using them have not kept up with meaningful use requirements, particularly among small rural hospitals with few opportunities to hire sophisticated computer technicians, etc. Some small hospitals have trouble even getting an EHR vendor to talk to them.

Why all this matters

Before looking at some details, let me lay out some of the reasons that meaningful use criteria are so important to patients and the general public:

After treatment, data must be transferred quickly to patients and the next organizations treating them (such as rehab centers and visiting nurses) so that the patients receive proper care.

Quality measures are critical so that hospitals can be exposed to sunshine, the best disinfectant, and be shamed into lowering costs and reducing errors.

Data must be collected by public agencies so that data crunchers can find improvements in outreach and treatment. Hospitals love to keep their data private, but that gives them relatively tiny samples on which to base decisions, and they often lack the skills to analyze the data.

No one can predict what will break logjams and propel health care forward, but the patient engagement seems crucial because most health care problems in developed countries involve lifestyle issues such as smoking and body weight. Next, to provide the kind of instant, pervasive patient engagement that can produce change, we need electronic records that are open to innovative apps, that can accept data from the patient-centered medical home, and that link together all care-givers.

The state of electronic health records

The EHR industry does not come out well in the AHA list of woes. The letter cites "unworkable, but certified, vendor products" (p.3) and say, "Current experience is marked by limited vendor and workforce capacity." (p. 7) The latter complaint points to one of the big hurdles facing health care reform: we don't have enough staff who understand computer systems and who can adapt their behavior to use them effectively.

Functionality falls far short of real hospital needs:

...one hospital system spent more than $1 million on a quality reporting tool from its vendor that was, for the most part, an unwieldy data entry screen. Even medication orders placed using CPOE [computerized physician order entry] needed to be manually re-entered for the CQM [Center For Quality Management] calculation. Even then, the data were not reliable, despite seven months of working with the vendor to attempt to get it right. Thus, after tremendous investment of financial and human resources, the data are not useful. (p. 45)

The AHA claims that vendors were lax in testing their systems, and that the government abetted the omission: "the proposals within the certification regulation require vendors to incorporate all of the data elements needed to calculate only one CQM. There is no proposal to require that certified EHRs be capable of generating all of the relevant CQMs proposed/finalized by CMS." (p. 41) With perhaps a subtle sarcasm, the AHA proposes, "CMS should not require providers to report more e-measures than vendors are required to generate." (p. 36)

Vendors kind of take it on the chin for fundamental failures in electronic capabilities. "AHA survey data indicate that only 10 percent of hospitals had a patient portal of any kind in Fall 2011. Our members report that none had anywhere near the functionality required by this objective. In canvassing vendors, they report no technology companies can currently support this volume of data or the listed functions." (p. 26)

...in Stage 1, some vendors were able to dictate which clinical quality measures providers chose to report--not based on the priorities of the provider, but based on the capabilities of the system. Subsequently, market forces corrected this and vendors have gone on to develop more capabilities. But this anecdote provides an important lesson when segmenting certification criteria--indeed for most technologies in general--flexibility for users necessitates consistent and robust standards for developers. In short, the 2014 Edition must require more of the vendor community if providers are to have space to pursue meaningful use of Meaningful Use. (p. 2)

Better standards--which take time to develop--could improve the situation, which is why the Office of the National Coordinator (ONC) has set up a Health IT Standards Committee. For instance, the AHA says, "we have discovered that vendors needed to program many decisions into EHRs that were not included in the e-specifications. Not only has this resulted in rampant inconsistencies between different vendors, it produced inconsistent measure results when the e-measures are compared to their counterparts in the Inpatient Quality Reporting (IQR) Program." (p. 35)

The AHA goes so far as to say, "The market cannot sustain this level of chaos." (p. 7) They conclude that the government is pushing too hard. One of their claims, though, comes across as eccentric: "Providers and vendors agree that the meaningful use program has stifled innovation in the development of new uses of EHRs." (p. 9)

To me, all the evidence points in the opposite direction. The vendors were happy for decades to push systems that performed minimal record-keeping and modest support such as formularies at huge costs, and the hospitals that adopted EHRs failed to ask for more. It wasn't a case of market failure because, as I have pointed out (and others have too), health care is not a market. But nothing would have changed had not the government stepped in.

Patient empowerment

Now for the point that has received the most press, AHA's request to weaken the rules giving patients access to their data. Once again, the AHA claims to favor patient access--and actually, they have helped hospitals over the years to give patients summaries of care, mostly on paper--but are passing on the evidence they have accumulated from their members that the systems will not be in place to support electronic distribution for some time. I won't repeat all the criticisms of the experts mentioned at the beginning of this article, but provide some perspective about patient engagement.

Let's start with the AHA's request to let the hospital can choose the format for patient data (pp. 25-26). So long as hospitals can do that, we will be left with formats that are not interoperable. Many hospitals will choose formats that are human-readable but not machine-readable, so that correlations and useful data cannot be extracted programmatically. Perhaps the technology lags in this area--but if the records are not in structured format already, hospitals themselves lose critical opportunities to check for errors, mine data for trends, and perform other useful tasks with their records.

The AHA raises alarms at the difficulties of providing data. They claim that for each patient who is treated, the hospital will have to invest resources "determining which records are relevant and appropriate." (p. 26) "It is also unclear whether a hospital would be expected to spend resources to post information and verify that all of the data listed are available within 36 hours." (p. 27)

From my perspective, the patient download provisions would simply require hospitals to clean up their ways of recording data so that it is in a useable and structured format for all, including their own staff. Just evaluate what the AHA is admitting to in the following passage: "Transferring these clinical observations into a structured, coded problem list in the EHR requires significant changes to work flows and training to ensure accuracy. It also increases time demands for documentation by physicians who already are stretched thin." (p. 27)

Unfortunately, allowing a patient to send his or her data to a third party is central to Accountable Care Organizations (ACOs), which hold the promise of improving patient care by sharing data among cooperating health care providers. If the "transmit" provision is delayed, I don't see how ACOs can take off.

The AHA drastically reduces the information hospitals would have to give patients, at least for the next stage of the requirements. Among the material they would remove are diagnoses, the reason for hospitalization, providers of care during hospitalization, vital signs at discharge, laboratory test results, the care transition summary and plan for next provider of care, and discharge instructions for patient. (p. 27) All this vastly reduces the value of data for increasing quality care. For instance, removing lab test results will lead to expensive and redundant retesting. (However, the AHA staff told me they support the ability of patients to get results directly from the labs.)

I'll conclude this section with the interesting observation that the CHIME comments on meaningful use I mentioned earlier say nothing about the patient engagement rules. In other words, the hospital CIOs in CHIME don't back up the hospitals' own claims.

Some reasonable AHA objections

Now I'm happy to turn to AHA proposals that leave fewer impediments to the achievement of better health care. Their 49-page letter (plus appendices) details many aspects of Stage 2 that seem unnecessarily burdensome or of questionable value.

It seems reasonable to me to ask the ONC, "Remove measures that make the performance of hospitals and EPs contingent on the actions of others." (p. 2) For instance, to engage in successful exchanges of patient data, hospitals depend on their partners (labs, nursing homes, other hospitals) to have Stage 2 capabilities, and given the slow rate of adoption, such partners could be really hard to find.

The same goes for patient downloads. Not only do hospitals have to permit patients to get access to data over the Internet, but they have to get 10% of the patients to actually do it. I don't think the tools are in place yet for patients to make good use of the data. When data is available, apps for processing the data will flood the market and patients will gradually understand the data's value, but right now there are few reasons to download it: perhaps to give it to a relative who is caring for the patient or to a health provider who doesn't have the technical means to request the data directly. Such uses may allow hospitals to reach the 10% required by the Stage 2 rule, but why make them responsible?

The AHA documents a growing digital divide among hospitals and other health care providers. "Rural, smaller and nonteaching hospitals have fewer financial and technical resources at their disposal. They also are starting from a lower base of adoption." (p. 59) The open source community needs to step up here. There are plenty of free software solutions to choose from, but small providers can't use them unless they become as easy to set up and configure as MySQL or even LibreOffice.

The AHA is talking from deep experience when it questions whether patients will actually be able to make use of medical images. "Images are generally very large files, and would require that the individual downloading or receiving the file have specialized, expensive software to access the images. The effort required to make the images available would be tremendous." (p. 26) We must remember that parts of our country don't even have high-speed Internet access.

The AHA's detailed comments about CMS penalties for the slow adoption of EHRs (pp. 9-18) also seem to reflect the hard realities out in the field.

But their attitude toward HIPAA is unclear. They point out that Congress required meaningful use to "take into account the requirements of HIPAA privacy and security law." (p. 25) Nevertheless, they ask the ONC to remove its HIPAA-related clauses from meaningful use because HIPAA is already administered by the Office of Civil Rights (OCR). It's reasonable to remove redundancy by keeping regulations under a single agency, but the AHA admits that the OCR proposal itself is "significantly flawed." Their staff explained to me that their goal is to wait for the next version of the OCR's own proposal, which should be released soon, before creating a new requirement that could well be redundant or conflicting.

Unless we level the playing field for small providers, an enormous wave of buy-outs and consolidation will occur. Market forces and the push to form ACOs are already causing such consolidation. Maybe it's even a good thing--who feels nostalgic for the corner grocery? But consolidation will make it even more important to empower patients with their data, in order to counterbalance the power of the health care institutions.

A closing note about hospital inertia

The AHA includes in its letter some valuable data about difficulties and costs of implementing new systems (pp. 47-48). They say, "More than one hospital executive has reported that managing the meaningful use implementation has been more challenging than building a new hospital, even while acknowledging the need to move ahead." (p. 49)

What I find particularly troublesome about their report is that the AHA offers no hint that the hospitals spent all this money to put in place new workflows that could improve care. All the money went to EHRs and the minimal training and installation they require. What will it take for hospitals to make the culture changes that reap the potential benefits of EHRs and data transfers? The public needs to start asking tough questions, and the Stage 2 requirements should be robust enough to give these questions a basis.